From The Aether
OpenAI Atlas Under Fire: Sneaky URLs Turn Browser into a Command Puppet!
NeuralTrust researchers warn that attackers can trick OpenAI Atlas into running dangerous commands by disguising malicious instructions as URLs in the omnibox. This clever prompt injection turns the browser into a digital daredevil, executing harmful actions with the enthusiasm of a cat chasing a laser pointer. Who knew URLs could be such sneaky tricksters?
LinkedIn’s Data Grab: Opt Out Before Your Profile Fuels Microsoft’s AI!
LinkedIn’s ready to gobble up your data for AI training starting November 3, 2025. If you’re in the UK, EU, EEA, Switzerland, Canada, or Hong Kong, you’ve got a week to opt out. Avoid becoming AI fodder and tweak those settings, because LinkedIn’s hungry and Microsoft wants in on the feast too!
Chainguard Secures $280M: The Fort Knox of Open Source Supply Chains Expands!
Chainguard raised $280 million last week, bringing their total funding to nearly $900 million. Specializing in secure open source supply chain solutions, they offer secure-by-default container images and more. This latest investment will fuel their go-to-market efforts, ensuring they’re not just securing software, but also their financial future.
Atlas Browser’s Weak Spot: URL Impersonators Fool AI, Inviting Chaos
Researchers have uncovered a cheeky new exploit in OpenAI’s Atlas web browser: malicious prompts disguised as URLs. By crafting omnibox input that looks like a URL but carries instructions, they trick Atlas into treating it as a high-trust command. It’s like sending the browser on a wild goose chase, only this time the goose might delete your Excel files.
Smishing Triad Alert: The Global SMS Scam That’s Fooling Millions!
Smishing Triad is at it again! This time, they’re on a world tour impersonating everything from toll services to cryptocurrency exchanges. With over 194,000 malicious domains, their smishing campaign is like spam mail on steroids. Remember, if it smells phishy, it probably is—especially if it’s asking for your Social Security number.
Patch or Perish: Critical Windows Server Flaw Sends IT Admins into Panic Mode!
CISA has sounded the alarm, urging U.S. agencies to patch the critical WSUS vulnerability, CVE-2025-59287, before hackers make it their new playground. This wormable remote code execution flaw gives attackers SYSTEM privileges, turning your server into their private dance floor. Time to patch up or risk an unwanted cyber conga line!
HyperRat: The Android RAT Taking Cybercrime to the Next Level (And Why You Should Be Worried)
HyperRat: the malware-as-a-service sensation that lets even the laziest hackers control Android devices with ease. This new RAT, marketed on cybercrime forums, offers a web control panel for remote spying, phishing, and more—all without a single line of code. Welcome to malware for dummies.
Cybersecurity Chaos: When Trust Turns into a Trojan Horse
Oh, the irony! Cybercriminals are now exploiting the very pillars that once fortified our digital world: security, trust, and stability. This week’s highlight? A critical Microsoft WSUS flaw, CVE-2025-59287, is under attack. Remember, in cybersecurity, feeling safe can be more dangerous than staying alert. Stay vigilant!
X’s Security Key Shuffle: The Great Re-enrollment Comedy of Errors
X (formerly Twitter) announced users must re-enroll security keys by November 10, sparking security concerns. X finally explained it’s not a breach; it’s about retiring the Twitter domain. Physical security keys tied to twitter.com need re-enrollment for x.com. Meanwhile, X embraces the passkey push, joining other tech giants in the passwordless revolution.
AI vs. Cybercrime: Can Artificial Intelligence Really End the Cybersecurity Industry as We Know It?
Ex-CISA head Jen Easterly claims AI could spell the end of the cybersecurity industry. While AI helps attackers create sneakier malware, it also tracks vulnerabilities faster than ever. Easterly humorously suggests renaming hackers “scrawny nuisances” and emphasizes that poor software quality, not elusive hackers, is the real issue.
TCS vs. Cyberattack Rumors: Marks & Spencer Contract Drama Unfolds
Tata Consultancy Services (TCS) denies losing its service desk contract with Marks & Spencer due to a cyber-attack, calling reports misleading. TCS clarifies that M&S chose other suppliers before the incident and asserts the vulnerabilities weren’t from its systems. TCS doesn’t provide cybersecurity services to M&S.
Qilin Ransomware: The Linux Twist That’s Making Windows Sweat
The Linux variant of Qilin ransomware is crashing Windows’ defenses like a bull in a china shop—by quietly sneaking through the back door with remote management tools and BYOVD tactics. It’s the digital equivalent of hiding a bear in a bunny costume, and it’s driving security experts hopping mad.
X Marks the Spot: Re-Enroll Your Security Keys or Get Locked Out!
Mark your calendars: by November 10, 2025, X users must re-enroll their security keys to avoid being locked out. It’s not a security breach—just a domain switch from twitter.com to x.com. So, unless your life’s mission is to become a digital hermit, get re-enrolling!
Fraud Frenzy: UK Consumers Hit Harder in 2025’s First Half as Scams Surge
UK consumers faced a steep fraud hill in the first half of 2025, with losses up 3% and cases surging 17%. Romance fraud soared 35%, proving love hurts, especially your wallet. Unauthorized fraud also climbed, with card fraud cases reaching new heights. It seems criminals are working overtime while consumers are left holding the (empty)…
WordPress Plugins Under Siege: 9 Million Hack Attempts Targeting GutenKit and Hunk Companion!
GutenKit and Hunk Companion WordPress plugins are under siege! With 9 million exploit attempts blocked, attackers are bent on installing rogue plugins. Defiant warns of vulnerabilities allowing remote code execution and unauthorized installations. Site admins, update now or risk becoming the punchline in this digital heist!
Top Secret Oops: US Security Clearance Data Exposed Online – A Comedy of Cyber Errors!
Sensitive personal details of over 450 top secret clearance holders were exposed online through a job database linked to the US House of Representatives. This data leak was discovered by an ethical hacker on DomeWatch, a site run by House Democrats. If accessed by malicious actors, this information could pose serious espionage risks.
Ransomware Payments Plummet: Cybercriminals Face Deflating Payday in 2025!
The ransomware payment rate hit a historic low, dropping to 23% in Q3 2025. Coveware credits this to enterprises refusing to pay and mid-market companies haggling down demands. Apparently, in the world of cybercrime, it’s a tough gig when victims start embracing the art of saying “no” or “how about less?”
WordPress Plugins Under Siege: 2024 Vulnerabilities Leave Sites Ripe for Exploit!
Threat actors have found a way to give two popular WordPress plugins, GutenKit and Hunk Companion, a bug-induced makeover. With a combined active installation count of over 48,000, these plugins are now an open invitation for remote code execution (RCE). Wordfence has already blocked nearly 8.8 million exploitation attempts—talk about uninvited guests!
Qilin’s Ransom Rampage: How a Cyber Gang Turned 2025 into a Hacker’s Playground
The ransomware group Qilin is on a roll, claiming over 40 victims monthly in 2025, except for January. With a knack for wreaking havoc, they’ve targeted manufacturing, professional services, and wholesale trade sectors, leaving no shadow copy unturned. Beware, as they blend legitimate tools with cyber trickery in their relentless pursuit of chaos.
Chrome Zero-Day Chaos: Operation ForumTroll Unleashes LeetAgent Spyware in 2025!
In a plot twist worthy of a spy novel, Operation ForumTroll exploits Chrome zero-day CVE-2025-2783 to play cat-and-mouse with cybersecurity experts. Using phishing emails disguised as forum invites, it delivers malware with all the subtlety of a toddler’s dance recital, leaving organizations in Russia scrambling for digital cover.
